Linux (CentOS) SSH login without password authentication

Source: Internet
Author: User

Recently, while building a Hadoop cluster, I set up the master to log in to the slaves over SSH without password authentication, to make operation more convenient.
1. Principle:
Master acts as the client. To connect to the server (slave) with password-free public key authentication, generate a key pair (a public key and a private key) on master, then copy the public key to every slave. When master connects to a slave over SSH, the slave generates a random number, encrypts it with master's public key and sends it to master. Master decrypts it with its private key and returns the decrypted number to the slave; once the slave confirms that the number is correct, it allows master to connect. This is public key authentication: no password has to be typed, and the important step is copying the public key generated on master to the slave.

2. Log in as the hadoop user on master and run the following commands to generate a key pair, append the public key to the authorization file, and set its permissions.

[hadoop@master bin]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
the: +: FB: -: on: C9: -: A3: -: on:6C: $:3b:a0:e0:e2 hadoop@master
The key's randomart image is:
+--[RSA2048]----+
|*.++.. |
| +==+.          . |
|        *O...O. |
| +    .. o O |
| E.     o S |
| .       O.        |
|        .                 |
|                 |
| |
+-----------------+
[hadoop@master bin]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@master bin]$ chmod 600 ~/.ssh/authorized_keys

3. Switch to the root user and configure sshd: uncomment the following public key fields,
RSAAuthentication yes # Enable RSA authentication
PubkeyAuthentication yes # Enable public/private key pair authentication
AuthorizedKeysFile .ssh/authorized_keys # Public key file path (the same file as generated above)
then save the settings and restart sshd to test SSH locally.

[hadoop@master bin]$ su root
密码:
bash-4.1# vim /etc/ssh/sshd_config
bash-4.1# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

4. Local test: here I tested with localhost, the IP address and the hostname; in each case no password has to be entered.

[hadoop@master bin]$ ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 3A: About:7F: A: the: BD:3B: the: +: BB:8A:5C: +: the:1F:.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
[hadoop@master ~]$ ssh 172.16.1.
The authenticity of host '172.16.1. (172.16.1.)' can't be established.
RSA key fingerprint is 3A: About:7F: A: the: BD:3B: the: +: BB:8A:5C: +: the:1F:.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.' (RSA) to the list of known hosts.
Last login:wed JuneTen  A:Panax Notoginseng: at  -  from::1
[hadoop@master ~]$ ssh master
The authenticity of host 'master (172.16.1.)' can't be established.
RSA key fingerprint is 3A: About:7F: A: the: BD:3B: the: +: BB:8A:5C: +: the:1F:.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'master' (RSA) to the list of known hosts.
Last login:wed JuneTen  A: -:Panax Notoginseng  -  from 172.16. 1.

The following describes how to set up password-free SSH login from master to a slave.

1. First create the user hadoop on the slave and set its password.

-bash-4.1# useradd hadoop
-bash-4.1# ls -l /home
总用量 8
drwx------ 2 hadoop hadoop 4096 6月  10 12:58 hadoop
drwx------ 2 xc     xc     4096 7月   9 2013 xc
-bash-4.1# passwd hadoop
更改用户 hadoop 的密码 。
新的 密码:
重新输入新的 密码:
passwd: 所有的身份验证令牌已经成功更新。

2. Switch to master and use scp to copy master's public key to the hadoop user on the slave node.

[hadoop@master ~]$ scp ~/.ssh/id_rsa.pub hadoop@slave2:~/
The authenticity of host 'slave2 (172.16.1.20)' can't be established.
RSA key fingerprint is 67:22:ba:43:ad:fe:a2:d4:ad:43:26:4b:71:d0:54:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2,172.16.1.20' (RSA) to the list of known hosts.
hadoop@slave2's password:
id_rsa.pub    -%  395     0.4KB/s   xx:xx
[hadoop@master ~]$

3. On the slave node, append the copied public key to the authorization file and set the permissions.

[hadoop@master ~]$ ssh hadoop@slave2
hadoop@slave2's password:
[hadoop@slave2 ~]$ ls
id_rsa.pub
[hadoop@slave2 ~]$ mkdir ~/.ssh
[hadoop@slave2 ~]$ chmod 700 ~/.ssh/
[hadoop@slave2 ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@slave2 ~]$ chmod 600 ~/.ssh/authorized_keys
[hadoop@slave2 ~]$

4. Then switch to root, modify the sshd configuration, and restart the sshd service.
1) Add the following two lines of code under /etc/sys

sysconfig/      system-release
sysctl.conf     system-release-cpe

2) Then edit the /etc/ssh/sshd_config file and uncomment the following three lines (remove the leading #).

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

3) Restart the sshd service

service sshd restart

5. Go back to master and test: you can now ssh to the hadoop user on the slave node without entering a password.

[hadoop@master ~]$ ssh hadoop@slave2
Last login: Wed Jun 10 13:09:53 2015 from 172.16.1.17
[hadoop@slave2 ~]$
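
The key-installation steps above (create ~/.ssh, append the public key, set modes 700 and 600), written as a script that can be re-run safely and that audits the resulting permissions. This is an added example, not part of the original article: the function names install_pubkey and audit_ssh_dir, the temporary directory and the sample key line are constructed for illustration, and it assumes GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example (not from the article): idempotent key install + mode audit.
# install_pubkey / audit_ssh_dir are hypothetical helper names.

# install_pubkey PUBKEY_FILE HOME_DIR
install_pubkey() {
    pub=$1; home=$2; auth="$home/.ssh/authorized_keys"
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: re-running must not append a duplicate,
    # which a bare "cat id_rsa.pub >> authorized_keys" would do.
    grep -qxF -f "$pub" "$auth" || cat "$pub" >> "$auth"
}

# audit_ssh_dir HOME_DIR
# Reports paths that are missing or carry any group/other permission bit,
# i.e. anything looser than the 700 / 600 set in the steps above.
audit_ssh_dir() {
    home=$1; rc=0
    for rel in .ssh .ssh/authorized_keys; do
        path="$home/$rel"
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(stat -c %a "$path")    # GNU stat, as shipped with CentOS
        case $mode in
            ?00) ;;                   # owner-only access
            *) echo "LOOSE $path (mode $mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo: a temporary directory stands in for /home/hadoop and the
# key line is a made-up placeholder, not a real key.
demo_home=$(mktemp -d)
echo "ssh-rsa AAAAconstructedEXAMPLEkey hadoop@master" > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"    # second run adds nothing
audit_ssh_dir "$demo_home" && echo "authorized_keys entries: $(wc -l < "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```

On a real slave node the call would be install_pubkey ~/id_rsa.pub "$HOME" as the hadoop user, followed by audit_ssh_dir "$HOME" before restarting sshd.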
